“Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.
The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges.”
Here is some more Tech News from around the web:
- TI First to License ARM’s Next-Generation Eagle Core @ AnandTech
- Apple to launch upgraded iPad with Cortex-A9-based CPU in 2011, says Digitimes Research
- Legal Jailbreaking: Is Apple worried? @ TechwareLabs
- The Dangers of Email @ Computing on Demand
- ASUS USB-N13 802.11n Adapter @ Tweaktown
- Win a GeForce GTX 460 or a copy of Metro 2033 @ The Tech Report
- Gigabyte GO OC 2010 North America Overclocking Championships @ Legit Reviews
- Win Four Zagg iPad FRONT Invisible Shield Protection @ t-break
Patching kernels is a modern game of whack-a-mole
Source: The Register
Having just patched a vulnerability tied to how Windows handles Control Panel icons and a day before a rather heavy Patch Tuesday arrives we have a new and nasty kernel vulnerability that affects all Windows versions. This one seems a little odd but is no less threatening because of its target. It would seem that pasting a large number of colour values, more than 256 specifically, into an improperly allocated buffer could allow one of those nasty net denizens to sneak in something malicious that will get to run its self with kernel level privileges. The Register has more information, but unfortunately no cure.